Test 263: Azure Storage Accounts Secure TLS Configuration

Drata validates that the 'Minimum TLS version' for Azure storage accounts is set to TLS version 1.2.

Updated over a month ago

TLS 1.0 has known vulnerabilities and has been replaced by later versions of the TLS protocol. Continued use of this legacy protocol affects the security of data in transit.

Note: Only available for Azure.

ASSOCIATED DRATA CONTROL

This test is part of DCF-55 and DCF-285.

WHAT TO DO IF A TEST FAILS

If Drata finds that one or more Azure storage accounts have a minimum TLS version set to an earlier, insecure version, the test will fail.


In some cases, Azure Storage sets the minimum TLS version to 1.0 by default. TLS 1.0 is a legacy version with known vulnerabilities, and its continued use affects the security of data in transit. Configure the minimum TLS version to a later protocol version such as TLS 1.2.

STEPS TO REMEDIATE

Go to 'Storage Accounts' and, for each failing storage account, under the 'Setting' section, click on 'Configuration' and set the 'minimum TLS version' to be version 1.2.
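To find the failing accounts across a subscription before working through the portal, the following added example (not Drata's own code) audits the JSON output of `az storage account list` and prints the matching `az storage account update` command for each account below TLS 1.2. The account and resource group names are constructed sample data, and treating an unset value as failing and TLS 1.3 as passing are assumptions of this example.

```python
import json
import shlex
import sys

# minimumTlsVersion values reported by Azure Resource Manager, in order.
TLS_RANK = {"TLS1_0": 0, "TLS1_1": 1, "TLS1_2": 2, "TLS1_3": 3}
REQUIRED = "TLS1_2"

# Constructed sample shaped like `az storage account list -o json` output.
SAMPLE = json.loads("""[
  {"name": "stcompliant00", "resourceGroup": "rg-app",  "minimumTlsVersion": "TLS1_2"},
  {"name": "stlegacy01",    "resourceGroup": "rg-app",  "minimumTlsVersion": "TLS1_0"},
  {"name": "stunset02",     "resourceGroup": "rg-app",  "minimumTlsVersion": null},
  {"name": "stold03",       "resourceGroup": "rg-data", "minimumTlsVersion": "TLS1_1"}
]""")


def failing_accounts(accounts):
    """Return (name, resource_group, current) for accounts below TLS 1.2."""
    failures = []
    for acct in accounts:
        current = acct.get("minimumTlsVersion")
        # Assumption: a missing, null or unrecognised value fails the check,
        # because the account may then fall back to the TLS 1.0 default.
        if TLS_RANK.get(current, -1) < TLS_RANK[REQUIRED]:
            failures.append((acct["name"], acct["resourceGroup"], current or "unset"))
    return failures


def remediation_commands(failures):
    """Build one az CLI command per failing account (names shell-quoted)."""
    return [
        "az storage account update --name {} --resource-group {} "
        "--min-tls-version {}".format(shlex.quote(name), shlex.quote(rg), REQUIRED)
        for name, rg, _ in failures
    ]


if __name__ == "__main__":
    # Usage: az storage account list -o json > accounts.json
    #        python audit_tls.py accounts.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            accounts = json.load(fh)
    else:
        accounts = SAMPLE
    failures = failing_accounts(accounts)
    for name, rg, current in failures:
        print(f"FAIL {rg}/{name}: minimumTlsVersion={current}")
    print("\n".join(remediation_commands(failures)))
    sys.exit(1 if failures else 0)
```

The script only prints the commands; review them before running, since clients that cannot negotiate TLS 1.2 will be refused once the minimum is raised.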


Center for Internet Security (CIS)

This is a test that aligns with the Center for Internet Security’s (CIS) benchmarks for Microsoft Azure, providing prescriptive guidance to establish a secure baseline configuration for Azure environments. These benchmarks are developed through a global, consensus-driven process involving cybersecurity experts to help organizations strengthen their defenses against potential threats in the cloud.
